MDKSA-2006:100

Problem description

A vulnerability in gdm could allow a user to activate the gdm setup
program if the administrator configured a gdm theme that provided a
user list. The user could do so by choosing the setup option from
the menu, clicking the user list, then entering his own password
instead of root's.